# Beware that the quotes around the values are mandatory

# GENERAL CONFIGURATION
{% if env == 'staging' %}
SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}.stg/{{ fedoauth_db_name }}"
{% else %}
SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}/{{ fedoauth_db_name }}"
{% endif %}


GLOBAL = {'reverse_proxied': True,
          'cookies_secure': True,
          'transactions_timeout': 5,
          'global_template_dir': '/usr/share/fedoauth/templates/global/',
          'template_dir': '/usr/share/fedoauth/templates/fedora/',
          'logging_config_location': '/etc/fedoauth/fedoauth.log.cfg',
          'secret_key': '{{ fedoauth_secret_key }}',

{% if env == 'staging' %}
          'url_root': 'https://id.stg.fedoraproject.org',
          'static_content_root': 'https://id.stg.fedoraproject.org/static',
          'enable_test_endpoint': True,
{% else %}
          'url_root': 'https://id.fedoraproject.org',
          'static_content_root': 'https://id.fedoraproject.org/static',
          'enable_test_endpoint': False,
{% endif %}
}


AUTH_MODULE_CONFIGURATION = {
    # This module authenticates against the Fedora Account System
    # (https://admin.fedoraproject.org/accounts/)
    'fedoauth.auth.fas.Auth_FAS': {'enabled': True,
                                   'listed': True,
                                   'select_image': '/static/fedora/fedora-authn-logo-white.png',
                                   'reauth_timeout': 15,
                                   'email_alias_when_cla': True,
                                   'user_agent': 'FedOAuth',
                                   'check_cert': True,
{% if env == 'staging' %}
                                   'email_auth_domains': ['stg.fedoraproject.org'],
                                   'base_url': 'https://admin.stg.fedoraproject.org/accounts/',
{% else %}
                                   'email_auth_domains': ['fedoraproject.org'],
                                   'base_url': 'https://admin.fedoraproject.org/accounts/',
{% endif %}
                                  }
}


AUTH_PROVIDER_CONFIGURATION = {
    'fedoauth.provider.persona': {'enabled': True,
{% if env == 'staging' %}
                                  'domains': ['id.stg.fedoraproject.org', 'stg.fedoraproject.org'],
                                  'private_key': {'path': '/etc/fedoauth/persona.stg.key',
                                                  'passphrase': '{{ fedoauth_persona_key_passphrase }}'},
{% else %}
                                  'domains': ['id.fedoraproject.org', 'fedoraproject.org'],
                                  'private_key': {'path': '/etc/fedoauth/persona.key',
                                                  'passphrase': '{{ fedoauth_persona_key_passphrase }}'},
{% endif %}
                                 },
    'fedoauth.provider.openid': {'enabled': True,
{% if env == 'staging' %}
                                 'identity_url_pattern': 'http://%(username)s.id.stg.fedoraproject.org/',
                                 'trusted_roots': [],
{% else %}
                                 'identity_url_pattern': 'http://%(username)s.id.fedoraproject.org/',
                                 'trusted_roots': ['http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin',
                                                   'https://ask.fedoraproject.org/',
                                                   'https://fedorahosted.org/',
                                                   'https://badges.fedoraproject.org',
                                                   'https://apps.fedoraproject.org/tagger/',
                                                   'https://apps.fedoraproject.org/nuancier/',
                                                   'https://apps.fedoraproject.org/datagrepper/',
                                                   'https://apps.fedoraproject.org/calendar/',
                                                   'http://apps.fedoraproject.org/notifications/',
                                                   'http://copr.fedoraproject.org/',
                                                   'http://copr-fe.cloud.fedoraproject.org/',
                                                   'https://admin.fedoraproject.org/pkgdb/',
                                                   'https://admin.fedoraproject.org/voting/',
                                                   'https://apps.fedoraproject.org/github2fedmsg',
                                                   'https://admin.fedoraproject.org',  # Nagios
                                                   'https://apps.fedoraproject.org/'],  # FMN
{% endif %}
                                 'non_trusted_roots': [],
                                 'handle_magic_groups_value': True
                                }
}
